Git Product home page Git Product logo

requests_gpgauthlib's Introduction

requests_gpgauthlib - A requests GPGAuth authentication library

Project status: frozen

The project is not in developement anymore by Liip. See #17 for details; it needs a new maintaining team!

Build Status

Example usage

import requests

from requests_gpgauthlib import GPGAuthSession
from requests_gpgauthlib.utils import create_gpg, get_workdir, import_user_private_key_from_file

SERVER_URL = 'https://demo.passbolt.com'
SERVER_FINGERPRINT = '6810A8F7728F4A7CE936F93BA27743FA0C9E83E0'

gpg = create_gpg(get_workdir())

import_user_private_key_from_file(gpg, '~/Downloads/passbolt_private.asc')

ga = GPGAuthSession(
  gpg=gpg,
  server_url=SERVER_URL,
  auth_uri='/auth/'
)
assert ga.server_fingerprint == SERVER_FINGERPRINT
ga.authenticate()
all_resources = ga.get(ga.get_absolute_uri('/resources.json'), params={'contain[secret]': 1}).json()['body']
print(all_resources)

requests_gpgauthlib's People

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

zentavr zamberjo 3guboff

requests_gpgauthlib's Issues

Auth token decryption failed

Hello, I have problem that some authentication attempts to our passbolt fails:

File "...", line 82, in login
    self._session.authenticate()
  File "/usr/lib/python3.7/site-packages/requests_gpgauthlib/gpgauth_session.py", line 231, in authenticate
    return self.is_authenticated_with_token
  File "/usr/lib/python3.7/site-packages/requests_gpgauthlib/gpgauth_session.py", line 215, in is_authenticated_with_token
    user_token_result=self.user_auth_token
  File "/usr/lib/python3.7/site-packages/requests_gpgauthlib/gpgauth_session.py", line 201, in user_auth_token
    raise GPGAuthStage1Exception("Auth token decryption failed: %s", user_auth_token.status)
requests_gpgauthlib.exceptions.GPGAuthStage1Exception: ('Auth token decryption failed: %s', 'decryption failed')

def login(self):
    self._session = GPGAuthSession(gpg=self._gpg, server_url=self.server_url)
    assert self._session.server_fingerprint == self.server_fingerprint

    self._session._user_passphrase = self.passphrase
    self._session.authenticate()

Interesting thing is that it is working for approx 70% of all attempts but sometimes it ends in this exception. Repeating the authetication after failure will successfully pass. Am I doing anything wrong? Is there way how to debug it? Thanks for any advice.

Tests fail while setting up GPG

running python -m pytest leads to:

============================= test session starts ==============================
platform linux -- Python 3.8.2, pytest-5.4.2, py-1.8.1, pluggy-0.13.1
rootdir: /build/python-requests-gpgauthlib/src/requests_gpgauthlib-0.1.2
plugins: requests-mock-1.8.0
collected 29 items

tests/unit/test_gpgauthsession.py .EEEEEEEEEEEEEEEEE                     [ 62%]
tests/unit/test_utils.py ......FFFFF                                     [100%]

==================================== ERRORS ====================================
_ ERROR at setup of TestGPGAuthSession.test_gpgauth_version_is_supported_not_in_absence_of_headers _

self = <class 'tests.unit.test_gpgauthsession.TestGPGAuthSession'>

    def setup_class(self):
        # Setup a server
        self.server_gnupg_home = get_temporary_workdir()
>       self.server_gpg = create_gpg(self.server_gnupg_home.name)

tests/unit/test_gpgauthsession.py:49:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
requests_gpgauthlib/utils.py:43: in create_gpg
    gpg = GPG(gnupghome=os.path.join(workdir, '.gnupg'))
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

self = <gnupg.GPG object at 0x7fef5a309c10>, gpgbinary = 'gpg'
gnupghome = '/tmp/requests_gpgauthlib-vx9ib7ms/.gnupg', verbose = False
use_agent = False, keyring = None, options = None, secret_keyring = None

    def __init__(self, gpgbinary='gpg', gnupghome=None, verbose=False,
                 use_agent=False, keyring=None, options=None,
                 secret_keyring=None):
        """Initialize a GPG process wrapper.  Options are:

        gpgbinary -- full pathname for GPG binary.

        gnupghome -- full pathname to where we can find the public and
        private keyrings.  Default is whatever gpg defaults to.
        keyring -- name of alternative keyring file to use, or list of such
        keyrings. If specified, the default keyring is not used.
        options =-- a list of additional options to pass to the GPG binary.
        secret_keyring -- name of alternative secret keyring file to use, or
        list of such keyrings.
        """
        self.gpgbinary = gpgbinary
        self.gnupghome = gnupghome
        # issue 112: fail if the specified value isn't a directory
        if gnupghome and not os.path.isdir(gnupghome):
>           raise ValueError('gnupghome should be a directory (it isn\'t): %s' % gnupghome)
E           ValueError: gnupghome should be a directory (it isn't): /tmp/requests_gpgauthlib-vx9ib7ms/.gnupg

/usr/lib/python3.8/site-packages/gnupg.py:827: ValueError
_ ERROR at setup of TestGPGAuthSession.test_gpgauth_version_is_supported_not_for_wrong_versions _

self = <class 'tests.unit.test_gpgauthsession.TestGPGAuthSession'>

    def setup_class(self):
        # Setup a server
        self.server_gnupg_home = get_temporary_workdir()
>       self.server_gpg = create_gpg(self.server_gnupg_home.name)

Error: "Stage0: X-GPGAuth-Verify-Response should be set"

When trying to search with wrench I get an error that X-GPGAuth-Verify-Response should be set.

Here's the full error:

Stage0: X-GPGAuth-Verify-Response should be set
Traceback (most recent call last):
  File "/Users/colin/.local/bin/wrench", line 11, in <module>
    sys.exit(main())
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/wrench/commands.py", line 257, in main
    cli(obj={})
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/wrench/commands.py", line 171, in search
    session = create_session_from_context(ctx.obj)
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/wrench/commands.py", line 72, in create_session_from_context
    session.authenticate()
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/requests_gpgauthlib/gpgauth_session.py", line 216, in authenticate
    return self.is_authenticated_with_token
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/requests_gpgauthlib/gpgauth_session.py", line 200, in is_authenticated_with_token
    user_token_result=self.user_auth_token
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/requests_gpgauthlib/gpgauth_session.py", line 157, in user_auth_token
    if not self.server_identity_is_verified:
  File "/Users/colin/.local/venvs/passbolt-wrench/lib/python3.6/site-packages/requests_gpgauthlib/gpgauth_session.py", line 141, in server_identity_is_verified
    raise GPGAuthStage0Exception("Verify endpoint wrongly formatted")
requests_gpgauthlib.exceptions.GPGAuthStage0Exception: Verify endpoint wrongly formatted

Add debug log statements

Some people reported issues with stage1 auth, which is actually quite hard to debug since there's no debug information logged. We should at least add debug statements after each failed GPG encryption/decryption command (eg. https://github.com/liip/requests_gpgauthlib/blob/master/requests_gpgauthlib/gpgauth_session.py#L183) to log the result so we can have a better idea of what's going on.

We could also check if the response has a X-GPGAuth-Error and a X-GPGAuth-Debug header and log its contents.

Needs a new maintainer / home

Here @ Liip, we're not using Passbolt anymore, therefore we are not using wrench, therefore not using requests_gpgauthlib anymore.

This project should be taken by a new team, to a new home. We'd be very happy to point people (and the pypi repo) to it's new home!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.